sorry, i thought that this german word is heavily used by strategy buffs.
"Spearhead" is the english word for "Angriffsspitze" and is quite different from "Schwerpunkt". The best (and even though lacking a lot) translation would be "main focus". I heard several americans using the german word, since the english translation doesn't catch the meaning quite as good.
i like the series since it's first implementation: Shogun.
But the AI was never something to write home about. Neither on the tactical nor on the strategic level it ever posed a threat. So any improvement here would be a very welcome. But i have my doubts. I'm playing quite a lot of strategy games. I never found an AI which
... could manage a fighting retreat,
... has an understanding of the "schwerpunkt" concept and
... knows when to avoid a fight.
Some AIs have shown a little of one or the other, but none was ever strong on those issues. Typical "human" cheats against comuter opponents are:
Split their territory into two parts. Usually the computer treats the loss as any other and doesn't recognize the disadvantages.
If outnumbered, you can usually save most of your troops by splitting them. Offer the computer a small sacrifice and withdraw yout host in the opposite direction.
Usually an AI has "modes" as agressive, defensive, etc. If the computer is in an agressive mode, invite them to attack your strong points.
Typically AIs have problems with counting their enemies. Decision are based on the strongest force. Split your mighty army into small hosts but keep them close together for mutual support. An AI avoiding the large host may attack now.
These are only examples. What i miss in an AI is the impression, that the AI has some kind of strategic plan. AIs never try to mislead me. So there is a lot of room for improvement.
I love beating my oponent.... so i hope the AI doesn't get too strong:-))).
True, but you can't turn kinetic energy into fuel-gas (i.e. regenerative braking), and your I/C engine is wasting >65% of the energy anyway, so as part of an overall system, energy density isn't the whole story.
Correct, but factor 30 is hard to offset by the better efficency.
usually you calculate the energy density in MJ (megajoule) per kg (Kilogramm). Why someone uses obsolete units like pounds escapes me, but if
i calculate (the use of "." and "," is a little bit inconsistent, i'm using "," to designate fractional decimals) correctly:
281.56 pounds are 127 kg
52,2 kwh are about 188 MJ
The result are 1,5 MJ per kg. Though better than normal still a long way (by a factor of 30) from fuel gas.
generally speaking: Performance is not the problem. Most user use: Word, Excel, Exchange, Solitaire, Minefield,.... Your case affects less than 1% of all users:-) I know, it's not much of a consolation....
Usually you encrypt the laptops of your travelling personel. Encrypting the scientific workstation or the database server is usually not recommended even by the manufacturer of the software.
we're selling a different solution, but some remarks from our real life experiences:
Performance is not the problem. Compared to other problems, this one is insignificant. It gets even more insignificant with multi core CPUs.
Encryption is also not the problem, it's the decryption that gives you headaches. Users loose passwords, tokens, certificates, etc... You must be able to help them when they are somewhere in Africa and need to recover their lost password for the disk encryption.
Encrypted disks are significantly harder to recover from a head crash or other HW related problems. Try the procedures your manuacturer gives you at least once before you need them...
There are a lot of other issues to consider:
You need to check the compatability with your disk encryption with each new OS release and new hardware. As for all enterprise projects: try to use as little different hardware/software as possible.
Service and Helpdesk personel needs to be trained
Think about how to do the rollout
Do people with encrypted notebooks travel to countries where it might be illegel?
How do you handle requests from law enforcement if they suspect one of your users?
General rule: Every hour you put into the project before the rollout saves you 10 hours support:-)
"The makers of MMOGlider have been found in breach of the World of Warcraft terms of service and are forced to pay Blizzard $6M in damages."
Now surely Blizzard with come up with some payment for my frustration and lost fun due to the gold farmers. I already sent Blizzard my bank account details. I'm waiting guys.....
Neither interview nor Link provides much information about the kind of attack. Between the lines they seem to be doing
something with the ressource usage by manipulating tcp session parameters. But that's idle speculation for now.
In any conditions? Are you including Earthbound conditions only? Sorry, but something of this magnitude should probably find a home on our Moon and/or Mars.
Any conditions meant: Conditions you cannot control. If you put a CD into a freezer at constant 5 degrees with no light and helium atmosphere, it may well be a very durable media even for several thousand years. But normmally you cannot control the conditions for such a long time. So you have to assume that your storage encounters barbarian invasions, is used as building material for a larger structure, gets stolen by foreigners, gets bombed and stomped at, being burned as heretic knowledge, etc. I abbreviated this with "any conditions":-). Even if the rosetta stone is a toughie, it's just plain luck that this copy survived. There were probably hundreds of rosetta stones once a while.
I'll bite. DNA has a far higher information density than what they described and it can survive tens of thousands of years without replicating.
You may well bite on some stone:-).
Proving, that you can retrieve some DNA even after 10.000 years is very different thing from storing information for several thousand years. If i want to preserve a certain information, it would be very inadvisable to store it inside some genetic profile. In 99.999999% of all cases, it will be lost (or can you give the DNA of Gajus Julius Caesar please?). The statement "some DNA survives" is quite different from "a certain DNA survives".
The mission is to store a certain information and to retrieve it (several thousand years) later. And here information denisity and lifetime are contradictions. You could do it inside the DNA, clone this being a thousand times and bury it in different places. Then you may a have chance to retrieve it. The information density will suck even though:-).
if you treat this disk the way the original rosetta stone has been treated, nobody will be able to decipher it afterwards. The only reason we were able the rosetta stone: The chars were relatively big. High information density and long lifetime (in any conditions) are contradictions....
Even in germany you don't get arrested for things like this. You get cited (several violations of laws) and may have to appear in front of a court. But this doesn't even close to standards set for an arrest.
The worst that can happen is (if you don't carry your identification) that the police takes you to their station for identification. But this is not an arrest. You won't even have to post a bail.
The punishment may be heavy though. The court may even block you from obtaining a driving permit for several years. Fines for drivinig without an insurance may cost you several thousand euros. Public roads are not a builders lab... If he hurts someone without being insured, this may ruin several lives.
this development is not surprising. The biggest surprise for me was the amount of money that an ISP can make by doing this. Given this fact, this trend is a natural result.
Some ISPs even learned lessons from others who were doing so before. Nowadays such a measure is implemented in a transparent way and the resulting page even contains an "opt out" button. It gets pressed only by less than 1% of all users. Why? They don't try to ram down as much advertisement as possible down the customers throat but also give a "value add" (at least for the casual user) in return (e.g. pointing out, where the typed URL may be wrong). Coupled with some heuristics (redirecting wwwww.google.com but not mxx14.somwhere.net) several ISPs introduced this features without any or very little complaints.
Wether i like it or not is a moot point. ISPs make money this way, most customers can live with it, therfore it will happen. Stupid are those ISPs who try to "force" their users to accept it. As Newton stated, any force will produce a "counter force". These "counter forces" result in negative propaganda for those ISPs and get the attention of users who didn't really wonder why their "error page" has changed before.
Given the current security state of DNS in general, the added security risk by answering for NXDOMAINs does not even approach to be a secondary problem. Making DNS more secure in general would close this loophole as well: your browser could inform you about being redirected by your ISP due to a typo.
Sincerely yours, Martin
P.S. My statement is not "this is good" or "this is bad", it's more "this is inevitable".
Correction: They don't sell the 900 with Linux. Only the 700 is available with Linux. You can dualboot the 900 with Linux, but you have to pay for the XP:-(
here in germany, they don't sell the Asus EEE PC with Linux. The only available version is the XP version with 12GB Flash and it costs 600$ (400 Euro). It seems that Microsoft has "convinced" Asus not to ruin their market here.
Delivery to the following recipient failed permanently:
paul@vix.com
Technical details of permanent failure: PERM_FAILURE: Gmail tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 553 553 5.7.1 Service unavailable; Client host [72.14.220.152] blocked using reject-all.vix.com; reason / created (state 14).
--- cut here ---
and
--- cut here --- elivery to the following recipient has been delayed:
vixie@jabber.redbarn.org
Message will be retried for 1 more day(s)
Technical details of temporary failure: TEMP_FAILURE: The recipient server did not accept our requests to connect. Learn more at http://mail.google.com/support/bin/answer.py?answer=7720 [jabber.redbarn.org (1): Connection timed out] --- cut here ---
80 large for software? , and DNS software? are you nuts?
I do IT as a living for 25 years now, so the answer to your question is YES.
Do you realize how fast a computer you can get for $80K?
The answer is YES again. I sell it too...
Its just DNS software , why would you want to pay ANYTHING let along that much? Buying a faster computer to do the same thing makes a whole lot more scene.
The answer here is NO. The problem with this thread and the discussion here is, that you underestimate the problem.
Example: It's 2007. You have 4 Caching DNS servers on 3Ghz Dual Xeon, each runs a two BIND 8 processes. Each BIND process is bound to a specific IP address. The servers really work hard, but the DNS performance (time to answer, percentage of queries ansered) doesn't satisfy you. What do you do?
OK, let's start:
The clever guy says: Dude, you're still running BIND 8. That's outdated. Switch to the new BIND 9! It's got multithreading. Use it and all you're sorrows are gone.
The real world says: BIND 9 on a Dual CPU system brings you 140% of the performance of BIND 8. But you're running 2 processes on each system. Switching to BIND 9 decreases your performance per CPU for about 30%.
The clever guys replies: OK, buy four more machines. Use one BIND 9 on each of them.
The real world says: OK, you increased your capacity by 40% while doubling the costs. This is a workaround but no solution...
The clever guy says: OK, buy 12 machines, put BIND 9 on all of them.
The real world says: OK, no you qadruppeled your costs. Are you aware that managing a hardware costs more than the iron itself. And how, by the way, do you distribute the load?
The clever guy says: Oh, just use a load balancer.
The real world takes it spreadsheet and says: Well a load balancer for that load costs something too. Any one here knows how to setup and configure ACME load balancer?
The clever guy says: OK, drop the load balancer. Just give the users the address of the new name servers by PPPoE.
Ar this point the real world sighs: Ah, and you are aware that about 30+% have hardwired the name server.
Believe me, this is the simplified version for beginners.
Hi,
If bind is your problem, your doing it wrong. Root F runs bind and I'm betting it does far more than your trivially small organisation with only 100k zones.
Root F and its mirrors answer somewhere in excess of 1/3 of all top level queries.
If you run BIND with 100K zones, it takes quite some time to come up and starts answering queries. If you do a reload, it has a dead time in between. Try it...As secondary it has bugs (for more than 12 months now) that may crash it. I just had customer who paid a lot of money to get it fixed by an external company. Of course the fix was sent to the BIND maintainers.
As always, you can work around the problem. E.g. for the startup/reload problem you can use multiple server and load balancers, switch ip addresses, pull a rabbit out of your hat... It's all possible. The question is always: is it cost efficent? If you have to adopt your procedures to work with BIND, you may do so. A lot of companys prefer paying money and adopt the software to their procdures. Both ways may work.
BIND doesn't have a performance problem as primary nameserver or secondary nameserver. It has a performance problem as a caching nameserver and a severe one. This is why i'm happy about Unbound.
At last: Some root nameservers should always run BIND. We need at huge diversity of software for root server, even if it creates pains. Just for security reasons....
Regards, Martin
Disclaimer: I don't hate BIND, i don't love specific comercial products. The decision is always based on a lot of parameters. Price, FOSS vs. comercial, hardware or software based solution, Know How of the administrators... All goes into one pot. There is no one size fits all.
Hi,
If DNS traffic is your bottleneck, you don't have a bottleneck.
Sorry, you missunderstood me. I didn't say DNS traffic is a bottleneck. I said DNS is the bottleneck and i meant the number of requests.
Why do we get so many more DNS requests today:
Anti-SPAM-Systems use DNS to make their decisions.. A SPAM mail may cause several DNS requests on the receiving side.
Everyone and his dog is using small firewalls which regularly do a reverse DNS query per incoming connection. A new worm (even without any infection) can cause millions of DNS requests for a large ISP.
Web-Sites are heavily loaded with images/adds from other servers. This means a dozen or more DNS requests for a singe web page.
etc...
While DNS is still a small percentage of the overall traffic, it can be a bottleneck. I slow caching nameserver (if its overloaded or as inefficent as a BIND in a large ISP environment) can severely decrease the "speed experience" of a fast DSL line. If you have an average answer time of 300ms for a DNS request from a caching nameserver, it really hurts. Just believe me...
Iw ould agree that BIND nearly never is your biggest problem. But for big ISP it can be a big problem anyway. A lot of them already dumped BIND.
Hi,
Here we go the the "commercial software is better than open source" argument.
Neither is open source better thean comercial nor is comercial better than open source. It all depends on the use. As i wrote, if you are a small ISP or a medium ISP and (e.g. 5K Zones, 10K DNS requests per second) BIND suits your needs. If you have 100K zones and 100K DNS requests per second, i doesn't. I mentioned Nominum because it's the best solution i have seen till today and i will benchmark Outbound against CNS and not BIND. Beating BIND is IMHO not a challenge....
I personally hate BIND, and BIND is open source, but some secret sauce being twice as fast? I don't think so.
I'm not in the secret sauce business;-). I speak numbers and statistics. E.g. CNS is for high loads 10-20 times more CPU efficent than BIND as caching nameserver on the same hardware. The cache handling of BIND 8/9 really, really sucks:-(. A customer doesn't pay 80K $ just on my say so (unluckily). They run tests and to prove the business case.
Remark: 90% of my customers run BIND and are happy with it. I do OSS and comercial software in a happy mix. Ideology is not my thing. Use the software (FOSS or comercial) that's better for the problem.
DNS is one of the bottlenecks to come. For nearly every ISP, DNS traffic grows faster than the overall traffic.
i'm doing a lot of consulting for large ISPs on DNS problems. BIND is good for small and medium ISPs but bad for large ones (as resolver, as primary or secondary nameserver).
It doesn't work very well with Cache above 1GB and the multithreading is not very efficent. Startup (for servers with 100K zones) is very slow, restart (after changing the configuration) is risky if you decreased the number of masters for a secondary zone (core dump). The readability of the code is far from perfect and it doesn't seperate different functions very well (e.g. you cannot easily replace the caching algorithm). The handling of slow or dead servers could be improved too...
So, i personaly welcome the new contender in the OSS nameserver arena;-). Let the games begin...
The best results (up today) i got with Nominum ANS and CNS. It's neither FOSS nor cheap but really, really fast. We replaced at one customer 4 overloaded BIND systems (3 Ghz Dual Xeon, 4GB RAM, 2 BIND processes per system) with CNS on the same hardware (but only 2 systems) and the load barely reached 10%.
Hi,
How do you sell a character, yet mitigate the risk of identity theft?
He gets my name with any ebay transaction anyway. All other data may be changed/deleted before you hand over the account.
Avoid the noob error of not changing the account password before handing it over. Most people use the account password for several othet sites as well.
Slashdot Mirror
sorry, i thought that this german word is heavily used by strategy buffs.
"Spearhead" is the english word for "Angriffsspitze" and is quite different from "Schwerpunkt". The best (and even though lacking a lot) translation would be "main focus". I heard several americans using the german word, since the english translation doesn't catch the meaning quite as good.
Sincerely yours, Martin
i like the series since it's first implementation: Shogun.
But the AI was never something to write home about. Neither on the tactical nor on the strategic level it ever posed a threat. So any improvement here would be a very welcome. But i have my doubts. I'm playing quite a lot of strategy games. I never found an AI which
Some AIs have shown a little of one or the other, but none was ever strong on those issues. Typical "human" cheats against comuter opponents are:
These are only examples. What i miss in an AI is the impression, that the AI has some kind of strategic plan. AIs never try to mislead me. So there is a lot of room for improvement.
I love beating my oponent.... so i hope the AI doesn't get too strong :-))).
CU on the battlefield, Martin
Correct, but factor 30 is hard to offset by the better efficency.
Yours, Martin
usually you calculate the energy density in MJ (megajoule) per kg (Kilogramm). Why someone uses obsolete units like pounds escapes me, but if i calculate (the use of "." and "," is a little bit inconsistent, i'm using "," to designate fractional decimals) correctly:
281.56 pounds are 127 kg
52,2 kwh are about 188 MJ
The result are 1,5 MJ per kg. Though better than normal still a long way (by a factor of 30) from fuel gas.
Sincerely yours, Martin
generally speaking: Performance is not the problem. Most user use: Word, Excel, Exchange, Solitaire, Minefield, .... Your case affects less than 1% of all users :-) I know, it's not much of a consolation....
Usually you encrypt the laptops of your travelling personel. Encrypting the scientific workstation or the database server is usually not recommended even by the manufacturer of the software.
Sincerely yours, Martin
we're selling a different solution, but some remarks from our real life experiences:
Sincerely yours, Martin
"The makers of MMOGlider have been found in breach of the World of Warcraft terms of service and are forced to pay Blizzard $6M in damages."
Now surely Blizzard with come up with some payment for my frustration and lost fun due to the gold farmers. I already sent Blizzard my bank account details. I'm waiting guys.....
CU, Martin
Neither interview nor Link provides much information about the kind of attack. Between the lines they seem to be doing something with the ressource usage by manipulating tcp session parameters. But that's idle speculation for now.
CU, Martin
i think this is the third story on an ISP catching DNS errors :-(. Even the follow-ups seem to be similar.
Personally, my only surprise was when i learned how much money an ISP can make by selling Ads on error landing pages.
Regards, Martin
Any conditions meant: Conditions you cannot control. If you put a CD into a freezer at constant 5 degrees with no light and helium atmosphere, it may well be a very durable media even for several thousand years. But normmally you cannot control the conditions for such a long time. So you have to assume that your storage encounters barbarian invasions, is used as building material for a larger structure, gets stolen by foreigners, gets bombed and stomped at, being burned as heretic knowledge, etc. I abbreviated this with "any conditions" :-). Even if the rosetta stone is a toughie, it's just plain luck that this copy survived. There were probably hundreds of rosetta stones once a while.
Sincerely yours, Martin
You may well bite on some stone :-).
Proving, that you can retrieve some DNA even after 10.000 years is very different thing from storing information for several thousand years. If i want to preserve a certain information, it would be very inadvisable to store it inside some genetic profile. In 99.999999% of all cases, it will be lost (or can you give the DNA of Gajus Julius Caesar please?). The statement "some DNA survives" is quite different from "a certain DNA survives".
The mission is to store a certain information and to retrieve it (several thousand years) later. And here information denisity and lifetime are contradictions. You could do it inside the DNA, clone this being a thousand times and bury it in different places. Then you may a have chance to retrieve it. The information density will suck even though :-).
Regards, Martin
if you treat this disk the way the original rosetta stone has been treated, nobody will be able to decipher it afterwards. The only reason we were able the rosetta stone: The chars were relatively big. High information density and long lifetime (in any conditions) are contradictions....
Yours, Martin
Even in germany you don't get arrested for things like this. You get cited (several violations of laws) and may have to appear in front of a court. But this doesn't even close to standards set for an arrest. The worst that can happen is (if you don't carry your identification) that the police takes you to their station for identification. But this is not an arrest. You won't even have to post a bail. The punishment may be heavy though. The court may even block you from obtaining a driving permit for several years. Fines for drivinig without an insurance may cost you several thousand euros. Public roads are not a builders lab... If he hurts someone without being insured, this may ruin several lives.
Sincerely yours, Martin
Not at all.
Regards, Martin
this development is not surprising. The biggest surprise for me was the amount of money that an ISP can make by doing this. Given this fact, this trend is a natural result.
Some ISPs even learned lessons from others who were doing so before. Nowadays such a measure is implemented in a transparent way and the resulting page even contains an "opt out" button. It gets pressed only by less than 1% of all users. Why? They don't try to ram down as much advertisement as possible down the customers throat but also give a "value add" (at least for the casual user) in return (e.g. pointing out, where the typed URL may be wrong). Coupled with some heuristics (redirecting wwwww.google.com but not mxx14.somwhere.net) several ISPs introduced this features without any or very little complaints.
Wether i like it or not is a moot point. ISPs make money this way, most customers can live with it, therfore it will happen. Stupid are those ISPs who try to "force" their users to accept it. As Newton stated, any force will produce a "counter force". These "counter forces" result in negative propaganda for those ISPs and get the attention of users who didn't really wonder why their "error page" has changed before.
Given the current security state of DNS in general, the added security risk by answering for NXDOMAINs does not even approach to be a secondary problem. Making DNS more secure in general would close this loophole as well: your browser could inform you about being redirected by your ISP due to a typo.
Sincerely yours, Martin
P.S. My statement is not "this is good" or "this is bad", it's more "this is inevitable".
Correction: They don't sell the 900 with Linux. Only the 700 is available with Linux. You can dualboot the 900 with Linux, but you have to pay for the XP :-(
here in germany, they don't sell the Asus EEE PC with Linux. The only available version is the XP version with 12GB Flash and it costs 600$ (400 Euro). It seems that Microsoft has "convinced" Asus not to ruin their market here.
An unhappy Martin
Hi,
i coouldn't reach you under no email address:
--- cut here ---
Delivery to the following recipient failed permanently:
paul@vix.com
Technical details of permanent failure:
PERM_FAILURE: Gmail tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 553 553 5.7.1 Service unavailable; Client host [72.14.220.152] blocked using reject-all.vix.com; reason / created (state 14).
--- cut here ---
and
--- cut here ---
elivery to the following recipient has been delayed:
vixie@jabber.redbarn.org
Message will be retried for 1 more day(s)
Technical details of temporary failure:
TEMP_FAILURE: The recipient server did not accept our requests to connect. Learn more at http://mail.google.com/support/bin/answer.py?answer=7720
[jabber.redbarn.org (1): Connection timed out]
--- cut here ---
Regards, Martin
I do IT as a living for 25 years now, so the answer to your question is YES.
Do you realize how fast a computer you can get for $80K?The answer is YES again. I sell it too...
Its just DNS software , why would you want to pay ANYTHING let along that much? Buying a faster computer to do the same thing makes a whole lot more scene.The answer here is NO. The problem with this thread and the discussion here is, that you underestimate the problem.
Example: It's 2007. You have 4 Caching DNS servers on 3Ghz Dual Xeon, each runs a two BIND 8 processes. Each BIND process is bound to a specific IP address. The servers really work hard, but the DNS performance (time to answer, percentage of queries ansered) doesn't satisfy you. What do you do?
OK, let's start:
The real world says: BIND 9 on a Dual CPU system brings you 140% of the performance of BIND 8. But you're running 2 processes on each system. Switching to BIND 9 decreases your performance per CPU for about 30%.
The real world says: OK, you increased your capacity by 40% while doubling the costs. This is a workaround but no solution...
The real world says: OK, no you qadruppeled your costs. Are you aware that managing a hardware costs more than the iron itself. And how, by the way, do you distribute the load?
The real world takes it spreadsheet and says: Well a load balancer for that load costs something too. Any one here knows how to setup and configure ACME load balancer?
Ar this point the real world sighs: Ah, and you are aware that about 30+% have hardwired the name server.
Believe me, this is the simplified version for beginners.
Regards, Martin
The problem are not the requests to the primary/secondary name servers. The bottleneck are more the caching name servers of the access providers.
Regards, Martin
If you run BIND with 100K zones, it takes quite some time to come up and starts answering queries. If you do a reload, it has a dead time in between. Try it...As secondary it has bugs (for more than 12 months now) that may crash it. I just had customer who paid a lot of money to get it fixed by an external company. Of course the fix was sent to the BIND maintainers.
As always, you can work around the problem. E.g. for the startup/reload problem you can use multiple server and load balancers, switch ip addresses, pull a rabbit out of your hat... It's all possible. The question is always: is it cost efficent? If you have to adopt your procedures to work with BIND, you may do so. A lot of companys prefer paying money and adopt the software to their procdures. Both ways may work.
BIND doesn't have a performance problem as primary nameserver or secondary nameserver. It has a performance problem as a caching nameserver and a severe one. This is why i'm happy about Unbound.
At last: Some root nameservers should always run BIND. We need at huge diversity of software for root server, even if it creates pains. Just for security reasons....
Regards, Martin
Disclaimer: I don't hate BIND, i don't love specific comercial products. The decision is always based on a lot of parameters. Price, FOSS vs. comercial, hardware or software based solution, Know How of the administrators... All goes into one pot. There is no one size fits all.
Sorry, you missunderstood me. I didn't say DNS traffic is a bottleneck. I said DNS is the bottleneck and i meant the number of requests.
Why do we get so many more DNS requests today:
While DNS is still a small percentage of the overall traffic, it can be a bottleneck. I slow caching nameserver (if its overloaded or as inefficent as a BIND in a large ISP environment) can severely decrease the "speed experience" of a fast DSL line. If you have an average answer time of 300ms for a DNS request from a caching nameserver, it really hurts. Just believe me...
Iw ould agree that BIND nearly never is your biggest problem. But for big ISP it can be a big problem anyway. A lot of them already dumped BIND.
Regards, Martin
Neither is open source better thean comercial nor is comercial better than open source. It all depends on the use. As i wrote, if you are a small ISP or a medium ISP and (e.g. 5K Zones, 10K DNS requests per second) BIND suits your needs. If you have 100K zones and 100K DNS requests per second, i doesn't. I mentioned Nominum because it's the best solution i have seen till today and i will benchmark Outbound against CNS and not BIND. Beating BIND is IMHO not a challenge....
I personally hate BIND, and BIND is open source, but some secret sauce being twice as fast? I don't think so.I'm not in the secret sauce business ;-). I speak numbers and statistics. E.g. CNS is for high loads 10-20 times more CPU efficent than BIND as caching nameserver on the same hardware. The cache handling of BIND 8/9 really, really sucks :-(. A customer doesn't pay 80K $ just on my say so (unluckily). They run tests and to prove the business case.
Remark: 90% of my customers run BIND and are happy with it. I do OSS and comercial software in a happy mix. Ideology is not my thing. Use the software (FOSS or comercial) that's better for the problem.
Regards, Martin
DNS is one of the bottlenecks to come. For nearly every ISP, DNS traffic grows faster than the overall traffic.
i'm doing a lot of consulting for large ISPs on DNS problems. BIND is good for small and medium ISPs but bad for large ones (as resolver, as primary or secondary nameserver).
It doesn't work very well with Cache above 1GB and the multithreading is not very efficent. Startup (for servers with 100K zones) is very slow, restart (after changing the configuration) is risky if you decreased the number of masters for a secondary zone (core dump). The readability of the code is far from perfect and it doesn't seperate different functions very well (e.g. you cannot easily replace the caching algorithm). The handling of slow or dead servers could be improved too...
So, i personaly welcome the new contender in the OSS nameserver arena ;-). Let the games begin...
The best results (up today) i got with Nominum ANS and CNS. It's neither FOSS nor cheap but really, really fast. We replaced at one customer 4 overloaded BIND systems (3 Ghz Dual Xeon, 4GB RAM, 2 BIND processes per system) with CNS on the same hardware (but only 2 systems) and the load barely reached 10%.
Sincerely yours, Martin
He gets my name with any ebay transaction anyway. All other data may be changed/deleted before you hand over the account.
Avoid the noob error of not changing the account password before handing it over. Most people use the account password for several othet sites as well.
Regards, Martin